Snort mailing list archives

Re: multiple port variable fun


From: Frank Knobbe <frank () knobbe us>
Date: Tue, 24 Jul 2007 18:59:32 -0500

On Wed, 2007-07-04 at 09:17 +0200, Jeffrey Denton wrote:
> On 7/3/07, Ryan Hudson <ryan () mydingo net au> wrote:
>> Do you mean put that in snort.conf?  Because when I tried that it just
>> thought you were reading the same rules files multiple times and failed as
>> the same pid's were being used multiple times. And the http_ports variable
>> was over-written 3 times.
>
> Yeap, the SIDs will cause problems.  Barnyard and Oinkmaster wouldn't
> play nice either.  One possible solution is to create separate rules
> files for each port.  This looks ugly...

Really? Never had a problem with that. Just created a small test file
with a duplicate rule, but changed ports. Snort reads both rules without
a complaint.

What version of Snort are you using that causes that error? Or is the
error caused by some third party app?

Regards,
Frank


-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
